Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,144
NuGet
735
pip
3,947
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,025 advisories

Loading
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic Low
CVE-2023-53160 was published for sequoia-openpgp (Rust) Jun 6, 2023
xml-rs vulnerable to denial of service via invalid token in XML document High
CVE-2023-34411 was published for xml-rs (Rust) Jun 5, 2023
00xc
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
sccache vulnerable to privilege escalation if server is run as root High
CVE-2023-1521 was published for sccache (Rust) May 30, 2023
redsun82 kevinbackhouse
Improper handling of NTS cookie length that could crash the ntpd-rs server High
CVE-2023-33192 was published for ntpd (Rust) May 25, 2023
mlichvar
Stored cross site scripting in Microbin Moderate
CVE-2023-27075 was published for microbin (Rust) May 4, 2023
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites Moderate
CVE-2023-31134 was published for tauri (Rust) May 3, 2023
Undefined Behavior in Rust runtime functions Low
CVE-2023-30624 was published for wasmtime (Rust) Apr 27, 2023
guidovranken alexcrichton
AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending Moderate
CVE-2023-30610 was published for aws-sigv4 (Rust) Apr 26, 2023
Adverserial use of `make_bitflags!` macro can cause undefined behavior Moderate
GHSA-qvc4-78gw-pv8p was published for enumflags2 (Rust) Apr 24, 2023
Parsing borsh messages with ZST which are not-copy/clone is unsound Moderate
GHSA-fjx5-qpf4-xjf2 was published for borsh (Rust) Apr 17, 2023
h2 vulnerable to denial of service Moderate
CVE-2023-26964 was published for h2 (Rust) Apr 11, 2023
FirelightFlagboy seanmonstar
KisaragiEffective JohnTitor
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area Moderate
GHSA-fq33-vmhv-48xh was published for ntru (Rust) Apr 7, 2023
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers Moderate
GHSA-2qv5-7mw5-j3cg was published for spin (Rust) Apr 3, 2023
Regular Expression Denial of Service in Deno.upgradeWebSocket API Moderate
CVE-2023-26103 was published for deno (Rust) Apr 3, 2023
dellalibera
Comrak AST node data is not validated (GHSL-2023-049) Moderate
CVE-2023-28631 was published for comrak (Rust) Mar 28, 2023
darakian
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048) Moderate
GHSA-xxmq-4vph-956w was published for comrak (Rust) Mar 28, 2023
philipturnbull
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047) Moderate
CVE-2023-28626 was published for comrak (Rust) Mar 28, 2023
philipturnbull
NATS TLS certificate common name validation bypass Moderate
GHSA-wvc4-j7g5-4f79 was published for nats (Rust) Mar 27, 2023
Interactive `run` permission prompt spoofing via improper ANSI neutralization High
CVE-2023-28446 was published for deno (Rust) Mar 24, 2023
tristan-f-r
`openssl` `X509NameBuilder::build` returned object is not thread safe Moderate
GHSA-3gxf-9r58-2ghg was published for openssl (Rust) Mar 24, 2023
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read High
GHSA-9qwg-crg9-m2vc was published for openssl (Rust) Mar 24, 2023
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference High
GHSA-6hcf-g6gr-hhcr was published for openssl (Rust) Mar 24, 2023
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses Moderate
CVE-2023-28448 was published for versionize (Rust) Mar 24, 2023
async-nats vulnerable to TLS certificate common name validation bypass Moderate
GHSA-f5v5-ccqc-6w36 was published for async-nats (Rust) Mar 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database